On Mon, Jun 04, 2018 at 02:12:58PM +0200, Jan Kurik wrote: > = Proposed System Wide Change: NSS load p11-kit modules by default = > https://fedoraproject.org/wiki/Changes/NSSLoadP11KitModules > > > Owner(s): > * Daiki Ueno <dueno at redhat dot com> > > > When NSS database is created, PKCS#11 modules configured in the > system's p11-kit will be automatically registered and visible to NSS > applications. > > > > == Detailed description == > Fedora provides a mechanism to configure PKCS#11 modules system wide, > allowing the crypto libraries (GnuTLS and OpenSSL) to use PKCS#11 > modules in a consistent manner. Until now NSS applications haven't > benefit from it as NSS uses a different configuration mechanism which > requires users to register PKCS#11 modules in NSS databases. This > change makes the manual procedure unnecessary, by registering the > p11-kit-proxy module (the aggregator of the system PKCS#11 modules) in > NSS databases with the default configuration. > See also: > * https://bugzilla.redhat.com/show_bug.cgi?id=1173577 The "how to test section" doesn't have too many details. > 1. install a PKCS#11 module, say softhsm > 2. create an NSS database > 3. list modules registered to the NSS database, and check that there is softhsm *Please* provide explicit instructions how to create the softhsm module, how to do the other steps, and how to verify that it works. It would also be great if you could provide analogous instructions for a _hardware_ module. The easier we make this to test for a people who don't have prior knowledge, the higher the chances of success. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/T7UFIYCTIIMJ3LL4GOLSSBMNX74URUB6/
